undefined | Better HN

0 pointsTeMPOraL9y ago0 comments

OTOH what about audit trail? Are there any standard solutions for saving commands input at servers without giving person inputting those commands access to the logs?

Also, silly idea for a DOS attack vector: script-spam enough commands to have the audit history consume all available space on server.

0 comments

aaronharnly9y ago

We use rootsh[1] logging to syslog, which gets forwarded to a logging server, which in turn is periodically copied to a wholly separate AWS account, so that in case of breach of the main account the audit logs are intact.

[1] http://linux.die.net/man/1/rootsh

j / k navigate · click thread line to collapse

0 pointsTeMPOraL9y ago0 comments

OTOH what about audit trail? Are there any standard solutions for saving commands input at servers without giving person inputting those commands access to the logs?

Also, silly idea for a DOS attack vector: script-spam enough commands to have the audit history consume all available space on server.

0 comments

aaronharnly9y ago

[1] http://linux.die.net/man/1/rootsh

j / k navigate · click thread line to collapse